For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jonathan_Perroz's avatar
Jonathan_Perroz
Icon for Nimbostratus rankNimbostratus
Jun 21, 2015

Example GTM and LTM configuration

Hi, Does anyone have any example GTM configurations to provide GSLB to LTMs? The GTM would be authoritative for the whole domain, providing WideIP functionality to the virtual severs behind the LTMs...
application delivery
BIG-IP DNS
deployment
LTM
VernonWells's avatar
VernonWells
Icon for Employee rankEmployee
Jul 03, 2015

There are a number of variables related to what you're asking for. I recommend going through the free online GTM training provided by F5:

https://f5.com/education/training/free-courses/tag/global%20traffic%20manager

and reading this guide:

https://support.f5.com/kb/en-us/products/big-ip_gtm/manuals/product/gtm-implementations-11-5-0.html

You may consider the three day GTM training course provided by F5:

https://f5.com/education/training/courses/big-ip-global-traffic-manager-gtm-v11

Having said that, here are some simple configuration commands via tmsh for configuring a GTM for initial use, then adding an LTM to its iQuery mesh, with the following assumptions:

GTM:
  - mgmt IP:        192.168.1.212
  - VLANs:          internal, external
  - selfIPs:        internal = 10.10.212.1/24; external = 10.11.212.1/24
  - route:          default via 10.11.212.254
  - provisioned:    GTM
LTM:
  - mgmt IP         192.168.10.100
  - VLANs:          internal, external
  - selfIPs:        internal = 172.16.5.1/24; external = 172.20.50.1/24
  - route:          default via 172.20.50.254
  - provisioned:    LTM

And the commands:

  Create a Datacenter; all Servers must be in a Datacenter
 tmsh create datacenter seattle
 
  Create Server for the GTM itself; it will not monitor objects unless this is done
 tmsh create gtm server gtm01 addresses add \
    { 192.168.1.212 { } 10.10.212.1 { } 10.11.212.1 { } } \
    datacenter seattle product single-bigip monitor bigip
    
  Create Server for the LTM; this is a required before running bigip_add
 tmsh create gtm server ltm01 addresses add { 172.20.50.1 { } }
 
  Run bigip_add
 bigip_add 172.20.50.1

If you are using certificates that are not self-signed:

https://support.f5.com/kb/en-us/solutions/public/7000/700/sol7717.html

If the LTM is running an older version of BIG-IP than the GTM, you may need to run 

big3d_install
:

https://support.f5.com/kb/en-us/solutions/public/13000/300/sol13312.html

The LTM interface through which iQuery communication occurs must have port lockdown set at least to "Default" (i.e., it cannot be "None").

From this point, you must create GTM Pools containing the LTM Virtual Server objects, then create WideIPs using the created Pools. The materials above should prove instructive for this purpose.

JG's avatar
JG
Icon for Cumulonimbus rankCumulonimbus
Sep 05, 2017

A good, concise example. Things might have changed, but in the current documentation I find the following:

"Important: You must use a self IP address for a BIG-IP ® system; you cannot use the management IP address."